Sprint account users got their data leaked via Samsung.com

US mobile network provider Sprint warned its users about data compromise which includes names, phone numbers, device information, and other details

Users of Sprint became victims of a data breach that occurred via Samsung website

Sprint has recently reported a data breach that has affected its users' accounts. The news broke on June 22 when the American telecommunications company was informed that unknown hackers had breached sensitive information that was stored on users' Sprint accounts via the Samsung.com (“add a line”) platform.^[1]

According to Sprint's report, there might be various information that has been leaked during the breach. Some type of sensitive details include the names and surnames, ID numbers, mobile phone numbers, shipping details, type of device used, as well as its ID code.

In its initial statement, the company claims that the affected users are in no risk of fraud or identity theft; however, the statement was not taken positively, as users feel unsafe after a data breach of such kind.^[2]

In the wake of the incident, Sprint assured of data protection by resetting the PIN of user accounts and sent the notification directly to the affected users' phones:^[3]

Your account PIN may have been compromised, so we reset your PIN just in case in order to protect your account.

Sprint sent out emails that included guidelines on fraud prevention

The SMS that was sent by Sprint to the affected users on June 25th, and also explained that no suspicious activity had been seen since then.^[4] Despite that, the information sheet lacks very basic statistics, such as how long the information was accessible to hackers or how many accounts were affected.

While people are wondering whether or not their personal data is secured, Sprint also included the information about what crucial steps users need to take in order to prevent possible identity fraud, money loss, and credit score compromise.

Our security experts also suggest you follow the recommended measures if you want to ensure the safety of personal information and decrease the risk of identity theft. You should choose a hardly-identifiable and robust password for your account security. Be aware that hackers can use a predetermined list of easily-guessable passwords and breach your device at any time.

Additionally, enabling two-factor authentication^[5] is an excellent solution. It ensures the multi-layer protection for your account and helps to address the vulnerabilities of password-only option. Usually, it consists of a specifically generated code that is sent to your mobile phone, so it proves your identity.

User data is one of the most important assets that needs to be adequately protected

Data exposures and breaches happen every day due to numerous different factors. In some cases, large databases full of sensitive corporate and personal data are exposed via databases like Amazon S3 buckets. These breaches are easily preventable, as long as the data files are secured and not accessible to the public. While it sounds easy, many companies managed to fail to secure these databases, and in some cases, malicious actors managed to spot the unprotected bucket before security researchers.

In other cases, data breaches occur due to negligence and inadequate security measures implemented within the company procedures. One of the best of such examples would be storing passwords in plain text instead of encrypting them. In case of compromise, hackers would be able to make the most out it by selling it on the black market. One of the best examples of such inadequate protection was seen from a company that the news outlets do not stop talking about – Facebook.^[6]